features
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from the local codebase (route handlers, API endpoints, etc.) and project configuration files (
.acumen.md). This creates an indirect prompt injection surface where malicious instructions embedded in the code could influence agent behavior. - Ingestion points: Reads
.acumen.md,.acumen/features.md,.acumen/personas.md, and scans the repository codebase. - Boundary markers: Absent. The instructions do not specify delimiters or warnings to ignore embedded commands in the scanned data.
- Capability inventory: The agent has the ability to read files, search the codebase, and write to
.acumen/features.md. - Sanitization: Absent. Content from the codebase is directly interpreted to determine feature statuses, metrics, and owners.
Audit Metadata